The world of electronic commerce has created new challenges to establishing relationships between contracting parties. One of those challenges springs from the fact that the parties to the transaction can not see or hear each other, and can not otherwise easily confirm each other's identity and authority to act.
One remedy for this problem is to provide each contracting party with a private key for signing transmitted messages. The signing party makes available an associated public key that decrypts messages signed with the party's private key, and thus enables a receiving party to confirm the identity of the sender.
But the sender's public key may not be known a priori to the recipient. In that event, the sender may transmit with its signed message a digital certificate issued by a Certification Authority. The certificate is itself a signed electronic document (signed with the private key of the Certification Authority) certifying that a particular public key is the public key of the sender. A system that implements such a solution is called a Public Key Infrastructure.
Another challenge facing electronic commerce is ensuring the trustworthiness of software, such as a Web browser, used by contracting parties to conduct electronic transactions. Because these transactions take place over a computer network such as the Internet, a transacting party's Web browser may be exposed to viruses, trojans and other malicious programs. Such programs may corrupt the browser and may destroy the confidence of the parties that an electronic transaction will be carried out according to their intentions. For example, if a buying party's browser is corrupt, then the buying party can not be assured that the buying party's signature will not be affixed to a transaction that the buying party did not know of, did not authorize, or whose contents have been altered without the buying party's knowledge. And a selling party can not be assured that a completed transaction will not later be refuted by the buying party. A corrupt browser may thus compromise the ability of the parties to conduct secure electronic commerce.